from HTYP, the free directory anyone can edit if they can prove to me that they're not a spambot
< smb.conf‎ | manpage‎ | 2006‎ | parameters
Jump to navigation Jump to search
This parameter is a synonym for case sensitive.
case sensitive (S)
See the discussion in the section NAME MANGLING.
  • Default: case sensitive = no
change notify timeout (G)
This SMB allows a client to tell a server to "watch" a particular directory for any changes and only reply to the SMB request when a change has occurred. Such constant scanning of a directory is expensive under UNIX, hence an smbd(8) daemon only performs such a scan on each requested directory once every change notify timeout seconds.
  • Default: change notify timeout = 60
  • Example: change notify timeout = 300 # Would change the scan time to every 5 minutes.
change share command (G)
Samba 2.2.0 introduced the ability to dynamically add and delete shares via the Windows NT 4.0 Server Manager. The change share command is used to define an external program or script which will modify an existing service definition in smb.conf. In order to successfully execute the change share command, smbd requires that the administrator be connected using a root account (i.e. uid == 0).
  • When executed, smbd will automatically invoke thechange share command with four parameters.
    • configFile - the location of the global smb.conf file.
    • shareName - the name of the new share.
    • pathName - path to an existing directory on disk.
    • comment - comment string to associate with the new share.
  • This parameter is only used modify existing file shares definitions. To modify printer shares, use the "Printers..." folder as seen when browsing the Samba host.
  • Default: change share command =
  • Example: change share command = /usr/local/bin/addshare
client lanman auth (G)
This parameter determines whether or not smbclient(8) and other samba client tools will attempt to authenticate itself to servers using the weaker LANMAN password hash. If disabled, only server which support NT password hashes (e.g. Windows NT/2000, Samba, etc... but not Windows 95/98) will be able to be connected from the Samba client.
  • The LANMAN encrypted response is easily broken, due to its case-insensitive nature, and the choice of algorithm. Clients without Windows 95/98 servers are advised to disable this option.
  • Disabling this option will also disable the client plaintext auth option
  • Likewise, if the client ntlmv2 auth parameter is enabled, then only NTLMv2 logins will be attempted.
  • Default: client lanman auth = yes
client ntlmv2 auth (G)
This parameter determines whether or not smbclient(8) will attempt to authenticate itself to servers using the NTLMv2 encrypted password response.
  • If enabled, only an NTLMv2 and LMv2 response (both much more secure than earlier versions) will be sent. Many servers (including NT4 < SP4, Win9x and Samba 2.2) are not compatible with NTLMv2.
  • Similarly, if enabled, NTLMv1, client lanman auth and client plaintext auth authentication will be disabled. This also disables share-level authentication.
  • If disabled, an NTLM response (and possibly a LANMAN response) will be sent by the client, depending on the value of client lanman auth.
  • Note that some sites (particularly those following 'best practice' security polices) only allow NTLMv2 responses, and not the weaker LM or NTLM.
  • Default: client ntlmv2 auth = no
client plaintext auth (G)
Specifies whether a client should send a plaintext password if the server does not support encrypted passwords.
  • Default: client plaintext auth = yes
client schannel (G)
This controls whether the client offers or even demands the use of the netlogon schannel. client schannel = no does not offer the schannel, client schannel = auto offers the schannel but does not enforce it, and client schannel = yes denies access if the server is not able to speak netlogon schannel.
  • Default: client schannel = auto
  • Example: client schannel = yes
client signing (G)
This controls whether the client offers or requires the server it talks to to use SMB signing. Possible values are auto, mandatory and disabled.
  • When set to auto, SMB signing is offered, but not enforced. When set to mandatory, SMB signing is required and if set to disabled, SMB signing is not offered either.
  • Default: client signing = auto
client use spnego (G)
This variable controls whether Samba clients will try to use Simple and Protected NEGOciation (as specified by rfc2478) with supporting servers (including WindowsXP, Windows2000 and Samba 3.0) to agree upon an authentication mechanism. This enables Kerberos authentication in particular.
  • Default: client use spnego = yes
comment (S)
This is a text field that is seen next to a share when a client does a queries the server, either via the network neighborhood or via net view to list what shares are available.
  • If you want to set the string that is displayed next to the machine name then see the server string parameter.
  • Default: comment = # No comment
  • Example: comment = Fred's Files
config file (G)
This allows you to override the config file to use, instead of the default (usually smb.conf). There is a chicken and egg problem here as this option is set in the config file!
  • For this reason, if the name of the config file has changed when the parameters are loaded then it will reload them from the new config file.
  • This option takes the usual substitutions, which can be very useful.
  • If the config file doesn't exist then it won't be loaded (allowing you to special case the config files of just a few clients).
  • No default
  • Example: config file = /usr/local/samba/lib/smb.conf.%m
copy (S)
This parameter allows you to "clone" service entries. The specified service is simply duplicated under the current service's name. Any parameters specified in the current section will override those in the section being copied.
  • This feature lets you set up a "template" service and create similar services easily. Note that the service being copied must occur earlier in the configuration file than the service doing the copying.
  • Default: copy =
  • Example: copy = otherservice
create mode
This parameter is a synonym for create mask.
create mask (S)
When a file is created, the necessary permissions are calculated according to the mapping from DOS modes to UNIX permissions, and the resulting UNIX mode is then bit-wise 'AND'ed with this parameter. This parameter may be thought of as a bit-wise MASK for the UNIX modes of a file. Any bit not set here will be removed from the modes set on a file when it is created.
  • The default value of this parameter removes the 'group' and 'other' write and execute bits from the UNIX modes.
  • Following this Samba will bit-wise 'OR' the UNIX mode created from this parameter with the value of the force create mode parameter which is set to 000 by default.
  • This parameter does not affect directory modes. See the parameter directory mode for details.
  • Note that this parameter does not apply to permissions set by Windows NT/2000 ACL editors. If the administrator wishes to enforce a mask on access control lists also, they need to set the security mask.
  • Default: create mask = 0744
  • Example: create mask = 0775
csc policy (S)
This stands for client-side caching policy, and specifies how clients capable of offline caching will cache the files in the share. The valid values are: manual, documents, programs, disable.
  • These values correspond to those used on Windows servers.
  • For example, shares containing roaming profiles can have offline caching disabled using csc policy = disable.
  • Default: csc policy = manual
  • Example: csc policy = programs
cups options (S)
This parameter is only applicable if printing is set to cups. Its value is a free form string of options passed directly to the cups library.
  • You can pass any generic print option known to CUPS (as listed in the CUPS "Software Users' Manual"). You can also pass any printer specific option (as listed in "lpoptions -d printername -l") valid for the target queue.
  • You should set this parameter to raw if your CUPS server error_log file contains messages such as "Unsupported format 'application/octet-stream'" when printing from a Windows client through Samba. It is no longer necessary to enable system wide raw printing in /etc/cups/mime.{convs,types}.
  • Default: cups options = ""
  • Example: cups options = "raw,media=a4,job-sheets=secret,secret"
cups server (G)
This parameter is only applicable if printing is set to cups.
  • If set, this option overrides the ServerName option in the CUPS client.conf. This is necessary if you have virtual samba servers that connect to different CUPS daemons.
  • Default: cups server = ""
  • Example: cups server = MYCUPSSERVER